Hi Team, I would like to ask a question about assigning users to synced groups.
I want to implement a feature in my system: when a user logs in, the user is assigned to groups created earlier during synchronization.
I created groups in my system (using the Okta Group API). I have the name and group_ID in my system.
I log the user in using OIDC (Authorization Code Flow).
I get a thin ID Token, an Access Token (with the groups scope), and a Refresh Token.
Then I call the UserInfo endpoint (because I can't get the user's groups from the ID Token).
The problem is that the UserInfo endpoint contains only the group name. I can match it based on the name, but there is an issue when this group is renamed, etc.
So my question: is there a way I (as a user in an OIDC login) can get all the group_ids where I'm assigned as a user? (To be able to match this group id with the groups synced earlier.)
It takes 3 arguments: a list of groups (by ID) to compare against, the value you want returned, and the limit. The second argument supports group.id, which controls the output format.
So every time an organization creates or deletes a group, they would have to regenerate this list in order to retrieve the group IDs in the claims? That feels very manual. It seems odd that I can get the group names a user is in pretty easily but I am unable to see the group IDs.
I know an admin can get all the info from the group endpoints, but a regular user has to rely on the information coming back in the claims.
If you used a static allowlist, then yes, you would need to update the list any time a new group is created that your application needs to receive information about. That is currently the only way to return a group ID within a claim.
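As an added worked example (not code from this thread, from Okta, or from the questioner's system), the Python below puts the two answers together: it regenerates the static allowlist expression from the locally synced groups after every sync, so the "manual" step becomes part of the sync job; it maps the `groups` claim back to local groups by Okta group ID so a rename in Okta no longer breaks the match; and it flags a stale allowlist. Assumptions, labelled as such: the three-argument claim expression the first answer describes is taken to be Okta's Expression Language function `getFilteredGroups(groupIds, "group.id", limit)`, whose name does not appear in the thread; the synced groups table, the Okta IDs, the claim payloads and the rename scenario are all constructed here; and `claims` is assumed to be the payload of an already-verified ID token or the UserInfo JSON, so signature, issuer, audience and expiry checks are out of scope.

```python
"""Match a logged-in user to locally synced groups by Okta group ID, not name.

Added example, not from the forum thread. Assumptions (labelled):
- the claim expression is Okta EL getFilteredGroups(ids, "group.id", limit)
  (the thread describes its three arguments but never names the function);
- `claims` is a verified ID-token payload or the UserInfo response whose
  custom "groups" claim was configured with that expression;
- SYNCED_GROUPS, the IDs and the claim payloads below are constructed data.
"""
import re
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class SyncedGroup:
    local_id: int
    okta_group_id: str  # assumed format of an Okta group ID ("00g...")
    name: str


# Constructed sample: groups created earlier via the Okta Groups API.
SYNCED_GROUPS = [
    SyncedGroup(1, "00gexample0001", "Engineering"),
    SyncedGroup(2, "00gexample0002", "Finance"),
    SyncedGroup(3, "00gexample0003", "Auditors"),
]

# Assumption: Okta caps the third argument; check the current docs for the limit.
GROUPS_CLAIM_LIMIT = 100


def build_groups_claim_expression(synced: Iterable[SyncedGroup],
                                  limit: int = GROUPS_CLAIM_LIMIT) -> str:
    """Regenerate the static allowlist for the custom groups claim.

    Run after every group sync so the allowlist the second answer warns about
    is never maintained by hand. IDs are sorted for a stable, diffable string.
    """
    groups = sorted(synced, key=lambda g: g.okta_group_id)
    if len(groups) > limit:
        raise ValueError(f"{len(groups)} groups exceed the claim limit of {limit}")
    ids = ", ".join(f'"{g.okta_group_id}"' for g in groups)
    return f'getFilteredGroups({{{ids}}}, "group.id", {limit})'


def assign_by_id(claims: dict, synced: Iterable[SyncedGroup]) -> tuple[list[int], list[str]]:
    """Map the ID-valued groups claim to local group IDs.

    Returns (matched local IDs, Okta IDs present in the claim but not yet
    synced). The second list is sync drift: log it, never auto-grant on it.
    """
    by_okta_id = {g.okta_group_id: g for g in synced}
    matched, unknown = [], []
    for gid in claims.get("groups", []):
        group = by_okta_id.get(gid)
        (matched if group else unknown).append(group.local_id if group else gid)
    return matched, unknown


def assign_by_name(claims: dict, synced: Iterable[SyncedGroup]) -> tuple[list[int], list[str]]:
    """The fragile name-based match from the question, kept for comparison."""
    by_name = {g.name: g for g in synced}
    matched, unknown = [], []
    for name in claims.get("groups", []):
        group = by_name.get(name)
        (matched if group else unknown).append(group.local_id if group else name)
    return matched, unknown


def stale_allowlist(expression: str, synced: Iterable[SyncedGroup]) -> list[str]:
    """Synced Okta group IDs missing from the deployed claim expression.

    Anything returned here will silently never reach the application in the
    claim until the expression is redeployed; alert on a non-empty result.
    """
    deployed = set(re.findall(r'"([^"]+)"', expression))
    return [g.okta_group_id for g in synced if g.okta_group_id not in deployed]


# Constructed claims as they would arrive after "Engineering" was renamed
# to "Platform Engineering" in Okta (the questioner's failure case).
CLAIMS_ID_AFTER_RENAME = {"sub": "00uexample", "groups": ["00gexample0001", "00gexample0002"]}
CLAIMS_NAME_AFTER_RENAME = {"sub": "00uexample", "groups": ["Platform Engineering", "Finance"]}

# Expression deployed before "Auditors" was synced: a stale allowlist.
OLD_EXPRESSION = 'getFilteredGroups({"00gexample0001", "00gexample0002"}, "group.id", 100)'


if __name__ == "__main__":
    print("claim expression :", build_groups_claim_expression(SYNCED_GROUPS))
    print("match by id      :", assign_by_id(CLAIMS_ID_AFTER_RENAME, SYNCED_GROUPS))
    print("match by name    :", assign_by_name(CLAIMS_NAME_AFTER_RENAME, SYNCED_GROUPS))
    print("stale allowlist  :", stale_allowlist(OLD_EXPRESSION, SYNCED_GROUPS))
```

The ID-based match returns both synced groups despite the rename, while the name-based match loses "Engineering" and reports the new name as unknown. Treat the `unknown` list from `assign_by_id` as a signal to re-run the sync, not as a reason to create or grant groups on the fly, since the claim is only as trustworthy as the token verification that preceded it.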